package com.theta.gateway.biz.service.impl;


import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.theta.gateway.biz.dto.request.AuthenticationValidateRequest;
import com.theta.gateway.biz.dto.response.AuthenticationValidateResponse;
import com.theta.gateway.biz.dto.response.RouteCfgVO;
import com.theta.gateway.biz.service.RouteCfgService;
import com.theta.gateway.biz.service.SsoAuthenticationService;
import com.theta.gateway.infra.client.sso.SsoAuthenticationClient;
import com.theta.gateway.infra.common.config.NacosConstantConfig;
import com.theta.gateway.infra.common.enums.SsoValidateTypeEnum;
import com.theta.gateway.infra.common.enums.ValidFlagEnum;
import com.theta.gateway.infra.common.utils.GatewayRequestUtil;
import com.theta.gateway.infra.common.utils.JsonUtil;
import com.theta.gateway.infra.common.utils.StrUtil;

import lombok.extern.slf4j.Slf4j;


/**
 * sso登陆认证校验实现类
 * @author theta
 *
 */
@Slf4j
@Service
public class SsoAuthenticationServiceImpl implements SsoAuthenticationService {

	@Autowired
	private SsoAuthenticationClient ssoAuthenticationClient;
	@Autowired
	private NacosConstantConfig nacosConstantConfig;
	@Autowired
	private RouteCfgService routeCfgService;
	
	@Override
	public <T> AuthenticationValidateResponse<T> validateAuthentication(AuthenticationValidateRequest validateRequest,Class<T> respClazz) {
		AuthenticationValidateResponse<T> resp=new AuthenticationValidateResponse<T>(false, this.nacosConstantConfig.getSsoTenantLoginUrl());
		log.info("start validateAuthentication.....{}",JsonUtil.toJsonString(validateRequest));
		RouteCfgVO routeCfg=routeCfgService.getCacheServiceRoute(validateRequest.getServiceId());
		//是否接入sso登陆认证，默认为0-未接入
		int joinSsoType=StrUtil.obj2Integer(routeCfg.getIsJoinSso(), 0);
		//无服务配置 或 未接入sso则不校验
		if(routeCfg==null || joinSsoType==SsoValidateTypeEnum.NOT_VALIDATE.getCode().intValue()) {
			log.warn("服务[{}]无配置或未接入SSO:{}",validateRequest.getServiceId(),routeCfg==null?"":routeCfg.getIsJoinSso());
			resp.setTokenAvailable(true);
			return resp;
		}
		//从路由配置中获取需要认证的URL配置
		String ssoUrlPattern=StrUtil.null2string(routeCfg.getSsoAuthenticateUrl(), "/*");
		//判断当前请求url是否在 排除认证url规则中
		if(GatewayRequestUtil.checkUrlMatchPattern(validateRequest.getUri(), routeCfg.getSsoAuthenticateExcludeUrl())) {
			log.warn("放行，当前请求URL：[{}]在排除认证url规则中:{}",validateRequest.getUri(),routeCfg.getSsoAuthenticateExcludeUrl());
			resp.setTokenAvailable(true);
			return resp;
		}
		//判断当前请求url是否在 认证校验url规则中
		if (!GatewayRequestUtil.checkUrlMatchPattern(validateRequest.getUri(),ssoUrlPattern)) {
			log.warn("放行，当前请求URL：[{}]不在认证校验url规则中:{}", validateRequest.getUri(), ssoUrlPattern);
			resp.setTokenAvailable(true);
			return resp;
		}
		if(StrUtil.isEmpty(validateRequest.getAuthentication())) {
			return resp;
		}else {
			boolean validResp= this.ssoAuthenticationClient.validateAuthentication(validateRequest.getAuthentication());
			resp.setTokenAvailable(validResp);
		}
		return resp;
	}


	
	
	
	
	

}
